IDEAS home Printed from https://ideas.repec.org/a/igg/jisp00/v7y2013i3p16-35.html

Holistic and Law Compatible IT Security Evaluation: Integration of Common Criteria, ISO 27001/IT-Grundschutz and KORA

Author

Listed:
  • Daniela Simić-Draws

    (Institut für Wirtschafts- und Verwaltungsinformatik, Universität Koblenz-Landau, Koblenz, Germany)

  • Stephan Neumann

    (Center for Advanced Security Research Darmstadt, Technische Universität Darmstadt, Darmstadt, Germany)

  • Anna Kahlert

    (Projektgruppe verfassungsverträgliche Technikgestaltung (Provet), Universität Kassel, Kassel, Germany)

  • Philipp Richter

    (Projektgruppe verfassungsverträgliche Technikgestaltung (Provet), Universität Kassel, Kassel, Germany)

  • Rüdiger Grimm

    (Institut für Wirtschafts- und Verwaltungsinformatik, Universität Koblenz-Landau, Koblenz, Germany)

  • Melanie Volkamer

    (Center for Advanced Security Research Darmstadt, Technische Universität Darmstadt, Darmstadt, Germany)

  • Alexander Roßnagel

    (Projektgruppe verfassungsverträgliche Technikgestaltung (Provet), Universität Kassel, Kassel, Germany)

Abstract

Common Criteria and ISO 27001/IT-Grundschutz are well-acknowledged evaluation standards for the security of IT systems and the organisation they are embedded in. These standards take a technical point of view. In legally sensitive areas, such as processing of personal information or online voting, compliance with the legal specifications is of high importance, however, for the users’ trust in an IT system and thus for the success of this system. This article shows how standards for the evaluation of IT security may be integrated with the KORA approach for law compatible technology design to the benefit of both – increasing confidence in IT systems and their conformity with the law on the one hand and a concrete possibility for legal requirements to be integrated into technology design from the start on the other. The soundness of this interdisciplinary work will be presented in an exemplary application to online voting.

Suggested Citation

  • Daniela Simić-Draws & Stephan Neumann & Anna Kahlert & Philipp Richter & Rüdiger Grimm & Melanie Volkamer & Alexander Roßnagel, 2013. "Holistic and Law Compatible IT Security Evaluation: Integration of Common Criteria, ISO 27001/IT-Grundschutz and KORA," International Journal of Information Security and Privacy (IJISP), IGI Global, vol. 7(3), pages 16-35, July.
  • Handle: RePEc:igg:jisp00:v:7:y:2013:i:3:p:16-35

    Download full text from publisher

    File URL: http://services.igi-global.com/resolvedoi/resolve.aspx?doi=10.4018/jisp.2013070102
    Download Restriction: no
